Quote:
Originally Posted by TheSenator
Thank you for the tool. Do you know if the CCBill cookie is encrypted?
Also, is there any impact from redirecting 307(Temporary), no follow, sponsors HTTPS URL to a non-secure URL?
I use PrettyLinks for URL management.
|
Define "encrypted".
Cookies are encrypted in transit when being sent to secure URLS (HTTPS). CCBill's URLs are
not encrypted and will fail if you try to call them with encryption (despite the fact that it's the year 2021).
Cookie values can also be encrypted, though I'm not sure what that accomplishes. They're clearly using some random-looking strings (e.g. "917833=CLICKS2xxWAEVsmOZT6t8ryDiItk8ZwBtWHLb2R5!P X0ImB^PNcIncgl893aYl1grn182U*") it's impossible to tell if the randomness of that string is because they've encrypted the value, or if it's just some type of hash that only they understand. Either way I'm not sure it matters much as long as they understand the value when they see it.
Quote:
Originally Posted by faxxaff
Just followed your link and found this code on the signup page:
Code:
<input type='hidden' name='ccbill_referer' value='2045096'>
Your browser may not store third party cookies due to privacy settings or other technical issues ... Not all sales are tracked either way, but it is worth investigating. |
The CCBill cookies are
not 3rd party cookies. They're first party cookies. Cookies set by URLs on refer. ccbill. com include the text "domain=.ccbill .com" which means they're setting for the entire domain, not just the "refer" subdomain. Because they're setting for their own domain, their "first party".
A third party cookie is when a cookie is set when a page loads something off a different domain (e.g. an image or a script). That's not what's happening in this case. The user actually goes (for a split second) to CCBill and is then redirected to the sponsor site. Redirects aren't "third party", they're first party.